Analysis
-
max time kernel
140s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19-04-2024 19:46
General
-
Target
20063914274000/lib/VISh323.dll
-
Size
598KB
-
MD5
73637e2fa4e6c62c132ce25c79b96d1a
-
SHA1
51e8e551db3815548f0883395260dbcde103bcff
-
SHA256
9fe9024f1826de2704324d5600093bf706b6ee7e903274aa85cea64abfd739f1
-
SHA512
0ee4e1cce533edf2c6abbb9bcad7d07399ec2b522b5b56fd93b98fe422d73393915931ff9121e10a46cbdbf9b69764090ec86434fd293a62ebdf4aac21ed48a1
-
SSDEEP
12288:uXL+cyhsmOrzr/YM3VI9AExfxQhAnx7s/:MU69/Cnps
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\20063914274000\lib\VISh323.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\20063914274000\lib\VISh323.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 2963⤵
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2076-0-0x0000000010000000-0x0000000010147000-memory.dmpFilesize
1.3MB
-
memory/2076-1-0x0000000010000000-0x0000000010147000-memory.dmpFilesize
1.3MB
-
memory/2076-2-0x0000000000C30000-0x0000000000DA8000-memory.dmpFilesize
1.5MB